database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00
Code Activity

Revert "Follow up of 7b8b5ddae280b2d33e2b3fce8446f679521a75be:"

Browse Source 
The fix fails with ssl_crl server test, since certificates are loaded
in global context. If there is a valid certificate in global context,
certificate revocation test on server will fail.

This reverts commit db385afbbe.
This commit is contained in:
Georg Richter
2020-09-16 07:28:41 +02:00
parent db385afbbe
commit 0157f3db88
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
libmariadb/secure/openssl.c
View File

@@ -486,9 +486,7 @@ static int ma_tls_set_certs(MYSQL *mysql, SSL *ssl)
if (certfile && certfile[0] != 0) if (certfile && certfile[0] != 0)
{ {
if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1) if (SSL_CTX_use_certificate_chain_file(ctx, certfile) != 1)
{
goto error; goto error;
}
} }
if (keyfile && keyfile[0]) if (keyfile && keyfile[0])
@@ -499,7 +497,7 @@ static int ma_tls_set_certs(MYSQL *mysql, SSL *ssl)
EVP_PKEY *key= EVP_PKEY_new(); EVP_PKEY *key= EVP_PKEY_new();
PEM_read_PrivateKey(fp, &key, NULL, pw); PEM_read_PrivateKey(fp, &key, NULL, pw);
fclose(fp); fclose(fp);
if (SSL_CTX_use_PrivateKey(ctx, key) != 1) if (SSL_use_PrivateKey(ssl, key) != 1)
{ {
unsigned long err= ERR_peek_error(); unsigned long err= ERR_peek_error();
EVP_PKEY_free(key); EVP_PKEY_free(key);
@@ -515,7 +513,7 @@ static int ma_tls_set_certs(MYSQL *mysql, SSL *ssl)
} }
} }
/* verify key */ /* verify key */
if (certfile && !SSL_CTX_check_private_key(ctx)) if (certfile && !SSL_check_private_key(ssl))
goto error; goto error;
if (mysql->options.extension && if (mysql->options.extension &&
@@ -909,3 +907,4 @@ int ma_tls_get_protocol_version(MARIADB_TLS *ctls)
return SSL_version(ctls->ssl) & 0xFF; return SSL_version(ctls->ssl) & 0xFF;
} }